8 minute read
Championing safe digital transformation
Cybercriminal activities which include fraud, e-commerce data seizure and phishing attacks have increased as regional banks swung to digital-only models amid new models of operations such as remote working
Though the outbreak of the coronavirus pandemic has had a devastating impact on the global economy, it has also accelerated digital transformation across business models, channels, and touchpoints. Before COVID-19 was declared a pandemic, financial service providers across the Gulf region had long made considerable progress in digitizing their products and services compared to their peers in other emerging markets regions.
Advertisement
“Digital transformation is no longer a luxury, but a necessity. Banks that are agile, flexible, and willing to transform their business models will be the ones that succeed, and secure their financial strength for future growth,” said KPMG.
When the pandemic made landfall on the shores of the Arabian Gulf almost a year ago, all regional banks swung to digital-only models moving nearly all their interactions with customers online to build solutions that better suit clients’ needs at that time.
However, the recent cyberattack on Microsoft’s widely used business email software shows that banks are presented with the difficult task of balancing the traditional approach to risk management with the need to respond quickly to a crisis that has created massive changes to their operating environment.
Cybercriminal activities which include fraud, e-commerce data seizure and phishing attacks have increased
as regional banks swung to digital-only models amid new models of operations such as remote working. The cyberattack on the central bank of Bangladesh in February 2016, in which the hackers got away with $101 million, is also a wake-up call for the financial service sector that systemic cyber risks cannot be underestimated.
A data-driven approach to digital transformation can help banks’ security systems through the detection of fraud signals and analyze them in real-time using artificial intelligence (AI) and machine learning (ML) to flag suspicious activities before they corrupt the entire banking system.
GCC states seek to be leaders in digital innovation, however, the adoption of new technologies leaves them vulnerable to an increasing range of cyberthreats. According to Chatham House, “There is an inherent correlation between the ambition to become a leader in the digital world and the apparent vulnerability to a wide range of cyber threats.”
Emerging risks
As C-suite executives are transitioning from an emergency mode which saw the implementation of COVID-19 mitigation measures, they also need to address new emerging risks such as video and voice communication surveillance, data security controls for the use of personal equipment, and cases of third and fourth parties falling victim to cyberattacks.
The coronavirus crisis prompted several banks to implement new digital features, such as fully digital processes (e.g. account opening, remote identification and verification, and contactless payments), said Deloitte.
Given how payments and transaction banking services are a core feature of a financial institution, the recent digitalization is driving massive adoption of contactless payments methods across the Gulf region amid the growth of e-commerce and changing preferences among banks’ young tech-savvy customers base.
Hackers are exploiting the fear around the pandemic to get malware onto clients’ devices and this trend has hit the banking sector most hard, said Nicolai Solling, the Chief Technology Officer, Help AG.
But it is worth noting that just like any other financial service or department, cashless transactions expose both customers and banks to new variations of cybercrime. The increased adoption of digital payment platforms in the wake of the pandemic has also increased customers’ exposure to cyber-criminal activities.
According to the INTERPOL, during the first four months of 2020, 907,000 spam messages, 737 incidents related
to malware and 48,000 malicious URLs – all related to COVID-19 – were detected by one of the organization’s private sector partners.
As such, global financial institutions are finding themselves a step behind as their existing approaches to combat cybercrime cannot adequately handle the many threats and burdens, they encounter. Cyberattacks are getting more sophisticated by the day. The evolution of fraud and financial crime moves in tandem with the developments in the domains they plunder.
Cybercriminals have also become more imaginative during the pandemic. Hence, GCC banks should leverage new technologies and constantly change their operating models to obtain a holistic view of the evolving landscape of financial crime.
Similarly, with more customers social distancing and retailers shifting to costeffective models, the use of e-commerce has become paramount. KPMG said that customers are spending on average 10 to 30% more online with e-commerce consumer sales jumping 28% at the height of the pandemic.
However, INTERPOL weighed in saying e-commerce data interception poses an emerging and imminent threat to online shoppers, undermining trust in online payment systems.
The increase in cyber-criminal activities has also heightened the need for both customers and businesses to
consider the cybersecurity protocols of their suppliers and other third parties.
A risk assessment is essential before giving any third parties access to your business networks, said KPMG. The assessment should also be extended to the access your suppliers give to their third parties including their handling of customer data and their organization’s security policies.
Cybercriminals are adopting the latest emerging technology and are forever changing techniques to make their cybercrimes more effective, faster, and adaptable to current safety measures. In the GCC financial services sector, banks that effectively leverage their digital assets, strengthen their cyber resilience and manage third-party risk are poised to reap the benefits of
ResearchAndMarkets.com
increased revenue streams, regulatory compliance as well as enhanced operational efficiency.
Staying vigilant
As regional government and corporates – especially banks and the retail sector – swing more towards digitized economies, exponentially more data is generated and shared among organizations, stakeholders, and customers said PwC. The more corporates and governments digitize, the more they are exposed to new digital vulnerabilities, making an effective approach to cybersecurity and privacy more important than ever.
Data breaches have grown in intensity and frequency globally in recent months as cybercriminals take advantage of the pandemic upheaval. Cyberattacks are a global phenomenon and are continually developing in sophistication and impact, despite the advances in cybersecurity technologies and practice. Over the years, cybercriminal activities have also evolved into well-organized networks with advanced capabilities and specialized divisions of labor.
However, PwC stated that the new cybersecurity legislation, both globally and across the Middle East is driving customers’ demands around trustworthiness and safeguarding of personal data.
KPMG stated that in an era of dizzying technological innovation, most banks are modernizing every facet of their operations and working on becoming more trusted by their customers. “There is a massive evaluation process underway, of various aspects of SASE, beginning with something as simple as web security, for example, to make sure the right security policies are enforced when customers and employees are browsing the web, at home, without having to send all of that traffic back to the enterprise,” said Solling.
Artificial intelligence (AI), machine learning (ML), and cloud computing can help firms to manage and understand ever-growing data sets while effectively identifying previously undiscovered patterns, which is critical for flagging potentially suspicious behavior.
Across the GCC
According to ResearchAndMarkets.com, the rapid digitalization in countries, like the UAE and Saudi Arabia, has triggered the number of connected devices thereby opening new gateways for cyberattacks. However, these two Arab neighbors are also revered for their extraordinarily strong regulatory compliance requirements across all businesses, which further acknowledges data as a key asset and reinforces their commitment
to ensuring that cybersecurity is not only best in the region but globally.
GCC governments and corporates operating in the region are also aware of the heightened cyber threats associated with digitization especially following the outbreak of the pandemic.
GCC region has embarked on policies to unlock the possibilities offered by Big Data. According to Castlereagh Associates, the effectiveness of the steps taken by the GCC countries to develop the resilience of state institutions and business sectors is reflected in their ranking in the Global Cybersecurity Index.
The index, which assesses the preparedness of countries to combat cyberattacks under five pillars including legislation, technical and organizational capabilities, capacity building and cooperation, ranks GCC countries top in the Middle East and highly on a global scale due to their commitment to cybersecurity.
Gulf states have been stepping up their cybersecurity capabilities long before the pandemic hit in a bid to bolster their national cyber-security capabilities as well as improve the protection level of their critical national infrastructures and companies.
In the UAE, the Dubai Financial Services Authority (DFSA) recently launched the DFSA Cyber Threat Intelligence Platform which offers enriched cyber threat intelligence information to users and financial institutions. The platforms also allow other firms to share information about current cyber threats in a bid to stay one step ahead of cybercriminals.
Under Saudi Arabia’s Vision 2030, the kingdom seeks to transform 10 cities into smart cities including Makkah, Riyadh, Jeddah, Al Madinah, and Al Ahsa, the UAE set a goal to conduct 50% of government’s transactions via blockchain platforms within the next three years while the other Gulf states have embarked on policies to unlock the possibilities offered by Big Data.
As regulatory bodies such as the DFSA are prioritizing cybersecurity measures, progressive institutions recognize that it is not merely a ‘technology problem’ but a wider business challenge that requires business ownership and strategic development. Regional banks are also tapping third parties to facilitate technology implementation, to decrease costs, enhance customer experience, and boost their competitive edge.
Help AG’s Solling said that new regulations continue to be rolled out, which brings to the forefront the importance of understanding the data that a bank is hosting, the owner of the data and how to deal with it.
ResearchAndMarkets.com said that the cybersecurity market in the Middle East and Africa was valued at $1903.59 million in 2020 and it is expected to hit the $2,893.4 million mark by 2026, registering a CAGR of 7.92% between 2021 and 2026.
MENA Cybersecurity market will hit the $2,893.4 million mark by 2026, registering a CAGR of 7.92%.
Source: Research And Markets
36 FORTUNE GLOBAL 500 FINANCE COMPANIES DIGITALLY TRANSFORM WITH HUAWEI.
